Omar Aldahir

1263-PCI Another great year at HP Protect. Some great lessons learned from my most recent customer engagements gave me the material for a presentation I look forward to turning into a white paper.

Companies and consultants charge a premium for Payment Card Industry (PCI) auditing fees. Transforming an effective software security assurance (SSA) program into a governance solution can save your company the unnecessary costs of re-certifying or failing an audit. Hear about the basics needed to transform an enterprise security platform into a governance program that will minimize reporting and maintain compliance.

Malware-retooled Just wanted to let everyone know that I will be presenting at Hacker Halted this year. The topic is going to be an interesting one. I would encourage everyone to attend if they can.

TOPIC:

Crimeware authors are leveraging the release of source to further develop their already sophisticated and well developed threats as well as add modularity and functionality to their software. In addition the release of Zeus and TDL3 source adds to the wealth of information already available further lowering the entry barrier for developers and price point for would be criminals looking to enter the malware market space. Zeus, SpyEye, (and others like them) are tools that are built specifically to target the financial industry, whereas Sunspot is a general purpose tool that modifies specifically to target banks. This is significant because tools and techniques that are built to detect the former do not work with the latter. Tracking these trends can be accomplished by leveraging classification and clustering models that are built on Behavioral analysis tools.